True Scenario:
Representatives from the GCHQ went into The Guardian newspaper corporate office in London and demanded top secret data (leaked by Edward Snowden) be returned to authorities. The senior editor did not comply with the request to turn over the laptop, but agreed to have the machine symbolically destroyed by GCHQ on premises.

(Lets focus on just the laptop. This question is JUST about the laptop, not USB copies, backups, politics, etc.)

So the machine can't be taken away by GCHQ and kiln or dropped in a vat of acid. Portable grinders will have to suffice. No parts were submitted to GCHQ, but GCHQ needed to make sure no parts of the machine could “fall into the wrong hands” and top secret information be gleaned. So for obvious reasons they need to be thorough. (For example, a BIOS password may also be used for an encrypted file copy found elsewhere in the world...)

The idea is that if Russia or China (or whoever) got a hold of the junked Guardian laptop, and had full-on laboratory level analysis (including Magnetic Force Microscopy, and anything else you can think of real or theoretical...)

I'm looking for a brainstorm of all the bits/chips that should be destroyed within the machine. What would that GCHQ agent's checklist look like? He or she needs to stand tall in front of the GCHQ / NSA executives and say “I destroyed that machine - nothing can be recovered.”

5 Answers
5

If the laptop was only used to handle sensitive information, then destroying HDD is enough, if the laptop has been without any power for a few hours. However, if the laptop is used to hide sensitive information, there are many places where such information could be stored. Such places include: HDD/SSD, NIC boot ROM, BIOS, HDD/SSD firmware, DVD-RW firmware, Graphics card BIOS, TPM. I can't think of any other locations, but someone else might.

NIC firmware, various configuration EPROMs (RAM modules, NIC). In embedded world I've also seen persistent data being stored inside CPUs (i.e. FUSE bits) - might not be valid for the main CPU, but there are many CPU/MCUs inside a computer. Of course there's also "put something on a paper or sdcard or whatever and hide it inside the laptop".
–
domenSep 27 '13 at 13:42

That was exactly what I was looking for. Thank you Matrix. So apparently the ~spy protocol~ is to destroy everything that can hold data on the board. I suppose faux firmware update code can be created to store/access itzy bits of bytes on different “CPU/MCUs inside the computer” (per domen).
–
user31285Sep 28 '13 at 15:51

Any and all data could have been transferred off the laptop prior to destruction. Indeed unless the newspaper is willing lose unrelated information from the laptop, some of information would have been backed up beforehand anyway.

Destroying data in an open network is almost futile. The laptop connects to the corporate intranet, which connects to the internet, which connects to any third party. The assumption that the newspaper confined some of the information on the laptop is entirely unverifiable.

The solution of document watermarking doesn't work here - since the watermarks, if they existed, would simply point to whoever published the files from a secure watermark-generating server (i.e. Edward Snowden). Watermarks couldn't trace whoever propagates the material between various unsecured networks afterward, as no new watermarks are added.

However, the same mass surveillance revealed by the whistle-blower could be used to trace what the newspaper chose to propagate; providing that Edward only propagated to The Guardian and that the newspaper chose propagate only through non-anonymous networks.

Over-the-top (with cream, and sprinkles and everything on top) checklist:

Format the HDD multiple times (DBAN comes to mind)

Using portable grinder - I'll say you can easily grind a small 2.5" laptop HDD into complete dust.. maybe you missed the HDD chassis, but that is as secure as you can be.

Put all (as much as you can scoop off the floor) the dust into separate container, carried by different people that travels to different parts of the world, and throw them out into different parts of the 7 seas (or better, into the steel melting factory)

RAM is Volatile Storage.. but who knows it MAY have something - Portable Grinder to the rescue! (and repeat the next step as well) - Make sure you grind all the chip. You can leave the corner of the board to hold it while grinding.

LateralFractal comment comes to mind.. if you have similar laptops. Or at the very least, you can grind several HDD and RAM and mix the ashes together. (And I hope Matrix's comment has an answer too...)

I can't think of any other parts of the laptop that may carry information.. unless someone decided to use laser etching and physically wrote the information on pieces of the laptop.. then yes grinding the rest of the laptop into dust is also a possibility.

This may sound like a joke.. but don't be surprised if NSA / CIA / FBI comes to your server room armed with portable grinder and this note as part of their "Secure data erasure - when we are unable to transport the data back to HQ safely" manual :P

If we claim that data is only at laptop, then You do onlly need to physicaly damage the HDD. Bios can not contain larger data amounts, so it is a don't care. RAM will loose data after some time so remove the battery and power and short VCC and GND on the PCB near memory, maybe Vtt and GND as for being safe. The rest is don't care.
If You need data to be destroyed and not going with You, the easiest way is to destroy the disk it self, not the HDD unit. And that is a 10 seconds task.

As mentioned in the question - BIOS could contain the password that is used elsewhere. RAM will lose data after some time, but that time is not really deterministic and it's reasonable to assume there are smart ways of reading "bits somewhere between 0 and 1" that could give you a good idea of the data. And HOW do you securely destroy HDD in 10 seconds?
–
domenSep 27 '13 at 13:36

You only REALLY need to destroy things that actually hold data, but it's often easier to destroy the devices that these are part of. The platters of an HDD are a pain to access: certainly it can be done by someone being paid to, but it's a lot quicker to just incinerate the drive. Similar stories hold for the flash chips of an SSD, and for any caching mechanisms used in these drives.

RAM can be a bit more tricky. If you absolutely positively must be certain, destroy the chips. Keeping the laptop unpowered for a few hours can work, but it's dicey, and if the MiBs have some form of portable cold storage to put the laptop in, they can extend the time significantly. Again, all you really need to destroy are the chips, but it's easier to just grind up the whole modules.

The only part of a video card that really needs to be destroyed is its RAM: otherwise, the MiBs could reconstruct what was last on the screen. But since we're talking about laptops, and these things are usually soldered onto the motherboard, it's easier to grind up the whole motherboard.

At that point, you may as well destroy the entire laptop. Aside from being quicker and easier than opening the device and destroying each part individually, it has the side effect of adding a bunch of useless dust to the remains of the important stuff, putting extra noise into the signal. Then you do what other people have said: separate the dust into a few piles, and incinerate them in separate locations.